Product Group Tests

Endpoint security (2008)

Group Summary

The more time we spend evaluating BigFix, the more impressed we become with it. We rate this product our Best Buy.

A great balance between ease of use and security and the free lifetime support is what puts Sophos Endpoint Security and Control in the Recommended category.


Full Group Summary

As the corporate world faces up to increasing data losses through USB and other mobile devices, the pressure to find bullet-proof endpoint security solutions is greater than ever, says Justin Peltier

Recently a colleague told me of an organisation that was abandoning its tape back-up system and was distributing USB drives instead. My initial thought was of the first lost USB drive with Social Security numbers, credit card numbers or other personal information. My mind immediately jumped to encrypting the USB drives.

Encryption alone was not the answer. The data held on these drives was at risk, even when attached to an endpoint device. This data would need to be protected by improved virus and spyware protection, new variant detection, anti-rootkit security, malware and remnant removal, plus firewall security.

Data is now stored on numerous devices and in different places. Few security measures are taken to protect this data where it resides most frequently: the end-user's machine and devices.

In this group review, we focused on endpoint security - the security for the machines and devices that are all too often lost, stolen or hacked into. There were three major categories of endpoint device protection: the network protection type, which would include firewall, anti-virus, encryption and VPN technologies or some combination thereof; the device protection, which would protect sensitive data from being transferred to external devices, such as drives and iPods; and the data leakage type, which would protect the endpoint by verifying which applications running on the endpoint are legitimate.

These solutions help to eliminate the legal liability, customer service costs and other ramifications of data breach disclosures through the use of extensive monitoring and reporting of data, not just at rest, but in transit. Endpoint security solutions should help the enterprises meet regulatory compliance requirements for data security and, in some cases, provide assurance that data leakage did not actually occur.

Recent statistics say 70 per cent of IT security breaches originate from within the enterprise. Thus, enterprises today are making internal security, especially internal access to network resources, their highest priority, even above gateway solutions, such as anti-virus and firewalls.

Today's enterprise security challenge is providing access to key information without exposing it to risk, and trusting internal users while retaining enough control over their actions to verify their reliability. It's simply too easy to connect a smartphone, MP3 player, digital camera or memory stick, and walk away with sensitive or confidential material.

Although it is difficult to control which devices walk into or out of your organisation, any open port is a potential channel for gathering information. Ports are not just USB and FireWire, but also PCMCIA, Bluetooth, IrDA and WiFi.

Printers often have internal hard drives measuring in the gigabytes, and some of these have wireless connections and USB ports.

Security professionals are often asked whether they can answer the following questions: do you know what is connected to your end-users' laptops? Can you identify these devices as legitimate or rogue? Are the users at the endpoint permitted, or are they trespassing? Are you equipped to locate the security breach and identify the intruder?

All new security protection needs to be compatible with the existing infrastructure, easy enough for overburdened IT staff to manage, and able to generate reports for management, auditors and maybe even the police. It must also be easy to install across the entire enterprise, simple to keep up to date, must securely log all access, alert the security staff when a breach occurs and, finally, be effective against evolving technologies and threats.

How we tested

In almost every case, the software package only supported Windows-based platforms, Windows 2000 and newer. BigFix was a notable exception, as it also supported other clients. We chose Windows XP as the client on which to test each configuration.

Almost every offering was tiered, with a control server required. To meet the needs of the management end, we used a Windows 2003 server. In most cases a single server sufficed, although a second server was sometimes required. All testing was done inside a virtual environment, configured in a number of different ways depending on the class of security offering under test. We tested using everything from a small USB drive up to rootkits, botnets and other malicious software.

All Products In This Group Test